Malicious code in @amber-team/export-events-to-sheet (npm)

The package @amber-team/export-events-to-sheet was found to contain malicious code...

MAL-2025-7056 Malicious code in @amber-team/export-events-to-sheet (npm)

The package @amber-team/export-events-to-sheet was found to contain malicious code...

Mobile Events Manager < 1.4.8 - Admin+ CSV Injection

The plugin does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. PoC Export events with malicious CSV: 1. Create and save a new Enquiry source and add the following in the name...